c4532b4686
Enable minion file backup
...
ci/lysergic/push/pipeline Pipeline was successful
https://docs.saltproject.io/en/latest/ref/states/backup_mode.html
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:13:24 +02:00
3143bfd96d
Merge pull request 'Import moni firewall configuration' ( #65 ) from moni into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #65
2023-05-02 20:06:31 +02:00
d89138e2a7
Import moni firewall configuration
...
ci/lysergic/push/pipeline Pipeline was successful
Some ports not yet covered by a role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 20:02:21 +02:00
05d86ce689
Merge pull request 'Init phoebe.lysergic.dev' ( #64 ) from phoebe into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #64
2023-05-02 19:52:06 +02:00
55acb1dea4
Init phoebe.lysergic.dev
...
ci/lysergic/push/pipeline Pipeline was successful
Blank machine.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:48:22 +02:00
9f176609a5
Merge pull request 'Add manage_sshd conditional' ( #63 ) from sshd-optional into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #63
2023-05-02 19:39:20 +02:00
409016ea75
Disable manage_sshd for philia
...
ci/lysergic/push/pipeline Pipeline was successful
Machine uses a custom sshd configuration for $reasons.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:32:36 +02:00
8776b16be1
Add manage_sshd conditional
...
Allow sshd configuration to be skipped on "special" machines using
an optional "manage_sshd: False" pillar option.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 19:30:33 +02:00
6763d1b64e
Merge pull request 'No longer remove libX11' ( #62 ) from libX11 into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #62
2023-05-02 00:16:20 +02:00
d4d7d41ca7
No longer remove libX11
...
ci/lysergic/push/pipeline Pipeline was successful
Multiple packages need it as a dependency, maintaining an exclusion list
is not feasible.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-02 00:11:45 +02:00
16827d7318
Merge pull request 'Add users conditional for sss' ( #61 ) from skip-users-if-sss into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #61
2023-05-01 23:15:45 +02:00
51e33815df
Add users conditional for sss
...
ci/lysergic/push/pipeline Pipeline was successful
Skip failing local users management on machines using sssd.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 22:25:28 +02:00
bfeeb8673e
Merge pull request 'Check files in nbroles to grains script' ( #60 ) from nbroles-to-grains-refactor into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #60
2023-05-01 21:48:34 +02:00
de9ac40e3f
Check files in nbroles to grains script
...
ci/lysergic/push/pipeline Pipeline was successful
Script is called in the Lysergic repository as well, where not all files
exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 21:45:13 +02:00
c951f48b71
Merge pull request 'Repair manage_firewall behavior' ( #59 ) from firewall-optional into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #59
2023-05-01 20:39:02 +02:00
f96e9a4901
Repair manage_firewall behavior
...
ci/lysergic/push/pipeline Pipeline was successful
Fixup to b685f16c91
, default value was
outside of conditional - it didn't cause any errors, but did not work as
expected either. :-)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 20:35:27 +02:00
75c91e72cb
Merge pull request 'Set env_order + ping_on_rotate' ( #58 ) from saltenv into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #58
2023-05-01 20:27:12 +02:00
2a9a5cf394
Set ping_on_rotate
...
ci/lysergic/push/pipeline Pipeline was successful
Enable option to ensure minions are immediately responsive after key
rotations.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 20:24:13 +02:00
1089146801
Set env_order
...
ci/lysergic/push/pipeline Pipeline was successful
Option was removed in d4f39e8e5f
, but the
default environment seems to not be set to "production" without
it being present. Adding it back until a better way is found.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 20:20:32 +02:00
27d178d852
Merge pull request 'Repair BookStack httpd configuration' ( #57 ) from themis-httpd-fixup into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #57
2023-05-01 00:08:00 +02:00
841317e0f4
Repair BookStack httpd configuration
...
ci/lysergic/push/pipeline Pipeline was successful
- Replace wrong instances of RewriteCond with RewriteRule
- Remove wrong quotes around rewrite conditions
- Set correct options (seemingly our version of httpd does not set
FollowSymLinks by default?)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-05-01 00:00:31 +02:00
5f1793547b
Merge pull request 'Repair PrivateBin config quoting' ( #56 ) from privatebin-quoting into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #56
2023-04-30 20:42:21 +02:00
942b71815e
Repair PrivateBin config quoting
...
ci/lysergic/push/pipeline Pipeline was successful
Ensure strings are quoted correctly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 20:38:43 +02:00
edd16ff3a7
Merge pull request 'Repair undefined id' ( #55 ) from common-id-var into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #55
2023-04-30 20:14:32 +02:00
1290fd5ec7
Repair undefined id
...
ci/lysergic/push/pipeline Pipeline was successful
Replace with call to grains dict.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 20:11:24 +02:00
f56ed6f64e
Merge pull request 'Adjust themis httpd directory options' ( #50 ) from themis-httpd-fixup into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #50
2023-04-30 20:04:42 +02:00
d8263f9b80
Merge pull request 'Exclude libX11 removal for FPM hosts' ( #54 ) from libX11-php into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #54
2023-04-30 19:58:19 +02:00
269b30ce9f
Exclude libX11 removal for FPM hosts
...
ci/lysergic/push/pipeline Pipeline was successful
Needed for some PHP extensions.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 19:48:36 +02:00
21f8818a52
Merge pull request 'Repair BookStack quoting' ( #53 ) from bookstack-quoting into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #53
2023-04-30 19:00:05 +02:00
985b401aaa
Repair BookStack quoting
...
ci/lysergic/push/pipeline Pipeline was successful
Re-order ending quote.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:57:03 +02:00
65af33d4fb
Merge pull request 'Repair BookStack quoting' ( #52 ) from bookstack-quoting into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #52
2023-04-30 18:53:40 +02:00
4053be45d2
Repair BookStack quoting
...
ci/lysergic/push/pipeline Pipeline was successful
Attempt to repair quoting by correcting the if-condition grouping and by
replacing the quote filter with manual quotes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:50:25 +02:00
8d9af70941
Merge pull request 'BookStack fixups' ( #51 ) from bookstack-fixup into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #51
2023-04-30 18:34:12 +02:00
ef0a931157
Correct BookStack group
...
ci/lysergic/push/pipeline Pipeline was successful
Environment file needs to be readable by the www, not the wwwrun, group
for PHP-FPM to be able to access it.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:27:35 +02:00
d8359f002d
Correct SAML realm capitalization
...
ci/lysergic/push/pipeline Pipeline was successful
The Keycloak realm is named "LibertaCasa", not "libertacasa".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:22:58 +02:00
938be46faf
Quote BookStack values
...
ci/lysergic/push/pipeline Pipeline was successful
Some strings contain spaces or special characters and should be quoted.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:20:54 +02:00
0a3d34d962
Adjust themis httpd directory options
...
ci/lysergic/push/pipeline Pipeline was successful
Some directory options are not needed and were listed with syntax
issues. Set to false to prevent "Options" from
being added, which equals "Options +FollowSymLinks".
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 18:16:35 +02:00
600a73a984
Merge pull request 'Add empty role.privatebin pillar' ( #49 ) from privatebin-role into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #49
2023-04-30 16:44:56 +02:00
b0613cf377
Add empty role.privatebin pillar
...
ci/lysergic/push/pipeline Pipeline was successful
For some reason Salt complains about the file missing, albeit us using
"ignore_missing" in the top file.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:41:22 +02:00
b7f34f8b9d
Merge pull request 'Add manage_firewall conditional' ( #48 ) from firewall-optional into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #48
2023-04-30 16:11:46 +02:00
b685f16c91
Add manage_firewall conditional
...
ci/lysergic/push/pipeline Pipeline was successful
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 16:07:21 +02:00
f90197f791
Merge pull request 'Add empty role.bookstack pillar' ( #47 ) from bookstack-pillar into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #47
2023-04-30 14:58:14 +02:00
e8107a3054
Add empty role.bookstack pillar
...
ci/lysergic/push/pipeline Pipeline was successful
For some reason Salt complains about the file missing (albeit us using
having "ignore_missing" enabled in the pillar top).
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:54:43 +02:00
524c82cafa
Merge pull request 'Allow saltenv/pillarenv override' ( #45 ) from saltenv into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #45
2023-04-30 14:49:12 +02:00
d4f39e8e5f
Allow saltenv/pillarenv override
...
ci/lysergic/push/pipeline Pipeline was successful
To ease development, allow saltenv=<branch>/pillarenv=<branch> instead
of enforcing the production branch.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:43:59 +02:00
a7cd6609e6
Merge pull request 'Watch httpd service for snippets' ( #46 ) from httpd-service into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #46
2023-04-30 14:43:42 +02:00
d65cb9a43b
Watch httpd service for snippets
...
ci/lysergic/push/pipeline Pipeline was successful
The reload/restart module calls have been dropped from the formula.
Watch the service.running state instead.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-30 14:39:27 +02:00
b1249e69eb
Merge pull request 'Import themis / PrivateBin' ( #40 ) from privatebin into production
...
ci/lysergic/push/pipeline Pipeline failed
Reviewed-on: #40
2023-04-30 14:37:12 +02:00
87bb69fa37
Merge pull request 'Split out salt.formulas state' ( #44 ) from profile-formulas into production
...
ci/lysergic/push/pipeline Pipeline was successful
Reviewed-on: #44
2023-04-29 19:07:32 +02:00
76d1da11d9
Split out salt.formulas state
...
ci/lysergic/push/pipeline Pipeline was successful
Allow formulas update on Salt master without applying the complete Salt
master profile.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-04-29 18:55:49 +02:00